Notices by nadja (dequbed@mastodon.chaosfield.at)

@soatok > cheapen labor and extract more value for themselves

Which is still why I argue we need liability for software bugs that is persecuted ex officio; it can't be that in 2026 companies are still hiding behind the “software just does that *shrug*” excuse for bugs and security issues.

@pascoda @GreenSkyOverMe @wurzelmann @jollysea "Rumänien, Ungarn und andere Deutschsprachigen Regionen"? RUANDR!

@wurzelmann @pascoda @jollysea BACHL…D?

@soatok rubbing me the wrong way *more so than usual* that is, but the usual amount is below the noise floor of bad cryptography-related takes that float around everywhere.

@soatok They've been rubbing me the wrong way the last month as well, and I'm deliberating the same decision. So fwiw, you're not alone there :p

So, with stuff actually working now I think I can finally talk about what's been my hyperfocus for the last three days. To not put too fine a point to it, the tool ecosystem for cryptographic signatures is atrocious. Granted, the use-cases for those are also beyond niche, but when you need them you *really* need them.
And especially the gpg.fail talk at 39C3 has reminded me just how bad the situation is, but it has also reminded me that I am in fact a cryptographer, and I can just *improve it*.

The result of those three days researching and hacking away?
I've started work on a signing tool that allows its users to stop thinking about signing. It doesn't try to be a swiss army knife, and it has no knobs to fiddle with. It signs stuff, and it verifies stuff, but it does so with very secure defaults and according to open standards instead of being the tenth home-grown tool that does everything *slightly* different enough to the rest to be frustratingly incompatible.

If you're interested in such a tool or would like to get some experience writing cryptographic software where all the arduous work of designing the math and formats to be secure has been done by loads of smart people (and one stupid fox) already, go here: https://codeberg.org/dequbed/nbysign

@soatok I wish I was surprised but no this entirely tracks. PGP in general and GnuPG specifically are the masters of “that's not a bug, you're just holding it wrong”.

To which I will just quote Maxim 62 of Schlock Mercenary:
“Anything labeled "This end toward enemy" is dangerous at both ends.”
To wit, if you can hold it wrong it's dangerous even if held right. Cryptography is too important to only be available in dangerous tools.

@skinnylatte @keira_reckons especially if you don't want it :blobcatnotlikethis:

@skinnylatte @keira_reckons obviously the only reason women would flirt with each other is to fuck each other and the only reason women would fuck each other is so they can get a man because we all know women don't *actually* want sex

@whitequark *sigh* and it would not even been hard to do properly. Adding a (readable) write counter and including that in a proper checksum is not *that* much more complicated <.<

@izzy Use the service brake then? :p

@izzy Well, I don't either but I only ever learned hill starts using the service brake ^^'

@izzy uh, hold car with service brake, ease off clutch until the slipping point so it holds the car in place instead of the brake, let go of brake and throttle up while adjusting the clutch so you're not stalling the motor. If you're driving heavy loads / old cars / in very hilly terrain, adjust neutral throttle up so there's less slip back between releasing brake and throttling up

@izzy also I only ever drove diesel so that may be a thing that only works well in diesel cars. But my school car was gasoline and that easily managed the hillsides of southern bavaria ^^'

I scored 10/21 on https://e-mail.wtf and I know for a fact that at least half of the 11 questions I got wrong I, in fact, *didn't* get wrong because no E-Mail is so cursed that the page specifically made to show how cursed E-Mail is still doesn't fully grasp just *how* cursed E-Mail is :blobcatcomfysweat:

@soatok stuff like is absolutely why I always say I only truly understand something if I can teach it because to teach it I not only have to have understood the subject but enough of the surrounding and all the bases that I can understand how a student came to a given misunderstanding and then clear up that misunderstanding. That's much more than just knowing the subject itself.

Found elsewhere™:

Today's Oracle Java issue is packupdate not running because the user's Java predates the fall of the Soviet Union and it doesn't have the Let'sEncrypt certificate chain

Haven't we all been there~

@lanodan @Soblow @eragon isn't upside down flag usually the mourning flag?

… aces are all pacifists, going to war is always also mourned.